User guide
Using a segmented network to help prevent the spread of malware
To help prevent the spread of malware in your organization’s network, you can use firewalls to divide your organization’s
network or LAN into segments to create a segmented network. Each segment can manage the network traffic for a specific
BlackBerry Enterprise Server component. A segmented network is designed to improve the security and performance of
the segments by filtering out data that is not sent to the correct segment.
To configure the BlackBerry Enterprise Server in a segmented network, you must install each BlackBerry Enterprise Server
component on a computer that is separate from the computers that host other components and then place each computer
in its own network segment. If you configure the BlackBerry Enterprise Server in a segmented network, you create an
architecture that is designed to prevent the spread of potential attacks from one computer that hosts a component to
another computer within your organization’s LAN. A segmented network architecture is designed to isolate attacks and
contain them on one computer. When you install each component in its own segment, you open only the port numbers that
the components use so that the components can communicate with each other.
The BlackBerry Enterprise Server and components, with the exception of the BlackBerry Router, do not support installation
in a DMZ. For more information about configuring the BlackBerry Router in the DMZ, visit
www.blackberry.com/go/serverdocs to see Placing the BlackBerry Router in the DMZ.
For more information about the port numbers that the components use, visit www.blackberry.com/go/serverdocs to see the
BlackBerry Enterprise Server Administration Guide.
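One way to check that the firewalls between segments open only the ports the components use, as an added example that is not part of the original guide: it compares a firewall rule export against the flows the components need and reports allow rules that are too broad and required flows that are blocked. The segment names, port numbers and rule format are constructed placeholders, rules are assumed to be evaluated first match wins (the excess check looks at each allow rule on its own), and the real port numbers come from the BlackBerry Enterprise Server Administration Guide.

```python
# Added example; segment names and port numbers are constructed placeholders.
REQUIRED_FLOWS = {  # (source segment, destination segment, TCP port)
    ("seg-messaging", "seg-router", 10001),
    ("seg-messaging", "seg-database", 10002),
    ("seg-admin", "seg-database", 10002),
}
SAMPLE_RULES = [  # constructed rule export, evaluated first match wins
    {"src": "seg-messaging", "dst": "seg-router", "ports": "10001", "action": "allow"},
    {"src": "seg-messaging", "dst": "seg-database", "ports": "10002-10010", "action": "allow"},
    {"src": "seg-router", "dst": "any", "ports": "any", "action": "allow"},
    {"src": "any", "dst": "any", "ports": "any", "action": "deny"},
]

def parse_ports(spec):
    """Return the set of ports in '80,8000-8010' style text, or None for 'any'."""
    if spec == "any":
        return None
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def first_match(rules, src, dst, port):
    """Action of the first rule that matches the flow; default deny if none does."""
    for r in rules:
        ports = parse_ports(r["ports"])
        if (r["src"] in (src, "any") and r["dst"] in (dst, "any")
                and (ports is None or port in ports)):
            return r["action"]
    return "deny"

def audit(rules, required):
    """Return (excess, missing): over-broad allow rules and blocked required flows."""
    excess = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        ports = parse_ports(r["ports"])
        if "any" in (r["src"], r["dst"]) or ports is None:
            excess.append((i, "wildcard"))  # segment-wide or port-wide opening
            continue
        extra = sorted(p for p in ports if (r["src"], r["dst"], p) not in required)
        if extra:
            excess.append((i, extra))  # ports open beyond what components use
    missing = sorted(f for f in required if first_match(rules, *f) != "allow")
    return excess, missing
if __name__ == "__main__":
    print(audit(SAMPLE_RULES, REQUIRED_FLOWS))
```

On the sample rules, the audit flags rule 1 for opening a port range wider than the one required port, flags rule 2 as a wildcard that defeats the segment boundary, and reports the seg-admin to seg-database flow as blocked.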
Moving a device to a BlackBerry Enterprise Server that uses a different BlackBerry Configuration Database
If you move a BlackBerry device to a BlackBerry Enterprise Server that uses a different BlackBerry Configuration Database
without using the BlackBerry Enterprise Transporter, you or a user must permanently delete all user data and application
data, the device transport key, and the IT policy public key from the device.
You or the user must reactivate the device to generate a new device transport key. The BlackBerry Enterprise Server that
you move the device to must generate an IT policy key pair and digitally sign and send the IT policy and the IT policy public
key to the device before the device can communicate with the BlackBerry Enterprise Server.
The BlackBerry Configuration Database that you migrated the device to stores the BlackBerry Enterprise Server name, the
device transport key, and the IT policy private key.
Security Technical Overview Managing BlackBerry Enterprise Solution security